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Til the Claims : 

Please amend claims 62 - 72, as indicated below. 

1. (Previously presented) A method for communicating in a distributed 
computing environment, comprising: 

a client accessing an authentication service to obtain an authentication credential 
to use a first service; 

determining client capabilities for said client, wherein said client capabilities arc 
capabilities of said first service that said client is permitted to use; 

binding said client capabilities to said authentication credential; 

said client sending a first message to said first service, wherein said first message 
includes said authentication credential; 

said first service using said authentication service to authenticate said 
authentication credential received in said first message; and 

said first service responding to said first message if said authentication credential 
in said first message is determined to be authentic as from said client. 

2. (Original) The method as recited in claim 1, further comprising said client 
obtaining an address for said authentication service from an advertisement for said first 
service, wherein said accessing an authentication service comprises said client sending a 
message to said address for said authentication service requesting said authentication 
credential to use said advertised first service. 
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3. (Original) The method as recited in claim 2 3 wherein said advertisement for 
said first service includes a data representation language schema defining a message 
interface for accessing said first service. 

4. (Original) The method as recited in claim 3, wherein said first message 
corresponds to a message defined in said data representation language schema. 

5. (Original) The method as recited in claim 4, further comprising said client 
sending additional messages to said first service to use said first service, wherein said 
authentication credential is included with each one of said additional messages, and 
wherein each one of said additional messages is defined by said data representation 
language schema. 

6. (Original) The method as red led in claim 5, wherein said data representation 
language schema is an extensible Markup Language (XML) schema. 

7. (Canceled) 

8. (Previously presented) The method as recited in claim 1, further comprising: 

said client sending a request message to said first service to access a capability of 
said first service, wherein said request message includes said 
authentication credential; 

said first service determining that the capability requested in said request message 
is within said client capabilities; and 

said first service fulfilling said request message only if the capability requested in 
said request message is within said client capabilities. 
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9. (Previously presented) The method as recited in claim 1 ? wherein said 
determining client capabilities comprises said client accessing an access policy service to 
obtain a capability token indicating which capabilities of said first service said client is 
permitled to access. 

10. (Original) The method as recited in claim 9> wherein said authentication 
service and said access policy service are combined as a single service and wherein said 
capability token is included within said authentication credential. 

11. (Previously presented) The method as recited in claim 1, wherein said 
determining client capabilities is performed by said first service. 

12. (Original) The method as recited in claim 1, further comprising said client 
generating a message gale for accessing said first service, wherein said message gale 
sends request messages from said client to said first service to access said first service, 
and wherein said message gate includes said authentication credential in each message to 
said first service, 

13. (Original) The method as recited in claim 12, further comprising said client 
obtaining a service advertisement for said first service before accessing said first service, 
wherein said service advertisement comprises an address for said authentication service 
and an address for said first service, 

14. (Original) The method as recited in claim 13, wherein said service 
advertisement further comprises a data representation language schema defining a 
message interface for accessing said first service, wherein said message gate verifies that 
each message sent from said client to said first service complies with said data 
representation language schema. 

15. (Original) The method as recited in claim 1, wherein said authentication 
service is a separately addressable service from said first service. 

O0/fc5i,227 (5181 -64S0MM979) 4 Mcyc* on*, tlnnd, Kivlin, Kowcf I & Goci/cl, P.C. 

PAGE 5/23 ' RCVD AT 7128/2005 4:43:20 PM [Eastern Daylight Time] 1 SVR:USPTO-EFXRMI32 * DNISOTOO ' CSID: ' DURATION (mm-ss):0440 



JUL-28-2005 THU 03:43 PM 



FAX NO. 



P. 06 



16. (Original) The method as recited in claim l t wherein said client accessing an 
authentication service to obtain an authentication credential to use a first service 
comprises said authentication service reluming said authentication credential to said 
client only ifsaid client is authorised to access said first service. 

17. (Original) A method for communication in a distributed computing 
environment, comprising: 

a client obtaining a service advertisement for a first service, wherein said service 
advertisement includes an address for an authentication service; 

said client sending a request message to said authentication service to obtain an 
authentication credential to use said first service; 

said client generating a message gate for accessing said first service, wherein said 
message gate embeds said authentication credential in every message from 
said client to said first service; and 

said client accessing said first service through said message gate. 

18. (Original) The method as recited in claim 17, wherein said service 
advertisement further comprises a data representation language schema defining a 
message interface for accessing said first service, the method further comprising said 
message gate verifying that every message sent from said client to said first service 
complies with said data representation language schema. 

19. (Original) The method as Tecited in claim 18, wherein said data 
representation language schema is an extensible Markup Language (XML) schema and 
said messages from said client to said first service are XML messages. 
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20. (Original) The method as recited in claim 17, further comprising said first 
service using said authentication service lo determine if said authentication credential 
received in a first message from said client is authentic. 

21. (Original) The method as recited in claim 20, further comprising, after 
authenticating said authentication credential received in said first message from said 
client, said first service determining which capabilities of said first service said client is 
authorized to use, wherein said first service responds to a request message from said 
client only if said request message is for an authorised capability for said client. 

22. (Original) The method as recited in claim 21, further comprising said first 
service binding a determination of which capabilities of said first service said client is 
authorized to use to said authentication credential so that said first service docs not need 
to repeat said determining which capabilities of said first service said client is authorized 
to use, 

23. (Original) The method as recited in claim 20, further comprising said first 
service noting whether or not said authentication credential is authentic so that said first 
service does not need to repeat said using said authentication service lo determine if said 
authentication credential received in a first message from said client is authentic. 

24. (Original) The method as recited in claim 17, wherein said service 
advertisement for said first service further includes an address for accessing said first 
service, wherein said authentication service and said first service arc separate services 
within the dislribuled computing environment. 

25. (Original) The method as recited in claim 17, wherein said service 
advertisement further includes a service identifier token for said first service, wherein 
said client sending a request message to said authentication service to obtain an 
authentication credential comprises sending said service identifier token and a client 
identifier token to said authentication service. 

00/653,227 (5181 -64800^979) 6 Mcycrtnns, Hood, Kivh'n, Kowurt & Goci/Cl, P.C, 

PAGE 7/23 * RCVD AT 7/28/2005 4:43:20 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-6/32 1 DNIS:2738300 11 CSID: * DURATION (mm«ss):0440 



JUL-28-2005 THU 03:44 PM 



FAX NO. 



P. 08 



26, (Original) The method as recited in claim 25, wherein said authentication 
service generates said authentication credential from said client identifier token and said 
service identifier token. 

27, (Previously presented) A client device configured to: 

access an authentication service to obtain an authentication credential to use a first 
service; 

determine client capabilities for said client device, wherein said client capabilities 
are capabilities of said first service that said client device is permitted to 
use; and 

bind said client capabilities to said authentication credential; 

send a first message to said first service, wherein said first message includes said 
authentication credential, wherein said first service is configured to use 
said authentication service to authenticate said authentication credential 
received in said first message; and 

receive a response to said first message from said first service if said 
authentication credential in said first message is determined to be 
authentic as from said client device, 

28, (Original) The client device as recited in claim 27, further configured to: 

obtain an address for said authentication service from an advertisement for said 
first service; 
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wherein, in said accessing an authentication service, the client device is further 
configured to: 

send a message to said address for said authentication service requesting 
said authentication credential to use said advertised first service, 

29. (Original) The client device as recited in claim 28, wherein said 
advertisement Tor said first service includes a data representation language schema 
defining a message interface for accessing said first service, and wherein said first 
message corresponds to a message defined in said data representation language schema. 

30. (Original) The client device as recited in claim 29, further configured to send 
additional messages to said first service to use said first service, wherein said 
authentication credential is included with each one of said additional messages, and 
wherein each one of said additional messages is defined by said data representation 
language schema. 

31 > (Original) The client device as recited in claim 29, wherein said data 
representation language schema is an extensible Markup Language (XML) schema. 

32, (Canceled) 

33. (Previously presented) The client device as recited in claim 27, further 
configured to: 

send a request message to said first service to access a capability of said first 
service, wherein said request message includes said authentication 
credential; 
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wherein said first service is configured to fulfill said request message only if said 
first service determines that the capability requested in said request 
message is within said client capabilities. 

34. (Previously presented) The client device as recited in claim 27, wherein, in 
said determining client capabilities, the client device is further configured to access an 
access policy service to obtain a capability token indicating which capabilities of said 
first service said client is permitted to access. 

35. (Original) The client device as recited in claim 34, wherein said 
authentication service and said access policy service are combined as a single service, 
and wherein said capability token is included within said authentication credential, 

36. (Original) The client device as recited in claim 27, further configured to 
generate a message gate for accessing said first service, wherein said message gate sends 
request messages from said client to said first service to access said first service, and 
wherein said message gate includes said authentication credential in each message to said 
first service. 

37. (Original) The client device as recited in claim 36, further configured to: 

obtain a service advertisement for said first service before accessing said first 
service, wherein said service advertisement comprises a data 
representation language schema defining a message interface for accessing 
said first service; 

wherein said message gate is configured to verify that each message sent from 
said client device to said first service complies with said data 
representation language schema. 
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38. (Original) The client device as reciled in claim 27, wherein, in said accessing 
an authentication service to obtain an authentication credential to use a first service, Ihe 
client device is further configured to receive from said authentication service said 
authentication credential only if said client device is authorized to access said first 
service. 

39. (Original) The client device as recited in claim 27, wherein said 
authentication service and said first service arc configured to execute within a service 
device, and wherein said client device is further configured to couple to said service 
device via a network. 

40. (Original) The client device as recited in claim 27, wherein said client device 
is further configured to couple to a network via a wireless connection. 

41. (Original) The client device as recited in claim 27, 

wherein said authentication service is configured to execute within an 
authentication server; 

wherein said first service is configured to execute within a service device; and 

wherein said client device, said service device, and said authentication server are 
separate devices comprised in a distributed computing environment. 

42. (Original) The client device as recited in claim 27, wherein said first service 
is configured to execute within said client device. 

43. (Previously presented) A service device con figured to: 
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receive from a client a first message including an authentication credential 
wherein said client accesses an authentication service to obtain said 
authentication credential to use said service device; 

use said authentication service to authenticate said authentication credential 
received in said first message; 

determine client capabilities for said client, wherein said client capabilities are 
capabilities of said service device that said client is permitted lo use; 

bind said client capabilities to said authentication credential; and 

respond to said first message if said authentication credential in said first message 
is determined to be authentic as from said client. 

44« (Original) The service device as recited in claim 43, further configured to 
provide to said client an advertisement for said service device, wherein said 
advertisement includes a data representation language schema defining a message 
interface for accessing said service device. 

45* (Original) The service device as recited in claim 44, wherein said first 
message corresponds to a message defined in said data representation language schema. 

46. (Original) The service device as recited in claim 45, further configured to 
receive additional messages from said client to use said service device, wherein said 
authentication credential is included with each one of said additional messages, and 
wherein each one of said additional messages is defined by said data representation 
language schema. 

47. (Original) The service device as recited in claim 44, wherein said data 
representation language schema is an extensible Markup Language (XML) schema. 
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48. (Canceled) 

49. (Original) The service device as recited in claim 43, further configured to: 

receive from said client a request message to access a capability of said service 
device, wherein said request message includes said authentication 
credential; 

determine that the capability requested in said request message is within said 
client capabilities; and 

Tul fill said request message only if the capability requested in said request 
message is within said client capabilities. 

50. (Original) The service device as recited in claim 43, wherein said client is 
configured to execute within a client device, and wherein said service device and said 
client device arc separate devices comprised hi a distributed computing environment, 

51. (Previously presented) A distributed computing system, comprising: 
a client device; and 

a service device; 

wherein said client device is configured to; 

access an authentication service to obtain an authentication credential to 
use said service device; and 
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determine client capabilities for said client device, wherein said client 
capabilities arc capabilities of said service device that said client 
device is permitted to use; and 

bind said client capabilities to said authentication credential; 

send a first message to said service device, wherein said first message 
includes said authentication credential; and 

wherein said service device is configured to: 

use said authentication service to authenticate said authentication 
credential received in said first message; and 

respond to said first message if said authentication credential in said first 
message is determined to be authentic as from said client. 

52. (Original) The system as recited in claim 51, 

wherein the service device is further configured to provide to said client device an 
advertisement for said service device, wherein said advertisement includes 
a data representation language schema defining a message interface for 
accessing said service device; 

wherein the client device is further configured to obtain an address for said 
authentication service from said advertisement for said service device; and 

wherein, in said accessing an authentication service, the client device is further 
configured to send a message to said address for said authentication 
service requesting said authentication credential to use satd advertised 
service device. 
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53. (Original) The system as recited in claim 52, wherein said advertisement for 
said service device includes a data representation language schema defining a message 
interface for accessing said service device, wherein said first message corresponds to a 
message defined in said data representation language schema, 

54. (Original) The system as recited in claim 53, wherein the client device is 
further configured to send additional messages to said service device to use said service 
device, wherein said authentication credential is included with each one of said additional 
messages, and wherein each one of said additional messages is defined by said data 
representation language schema. 

55. (Original) The system as recited in claim 53, wherein said data 
representation language schema is an extensible Markup Language (XML) schema. 

56. (Original) The system as recited in claim 51, wherein said authentication 
service is configured to execute within said service device. 

57. (Original) The system as recited in claim 51 , 

wherein said authentication service is configured to execute within an 
authentication server; and 

wherein said client device, said service device, and said authentication server arc 
separate devices comprised in a distributed computing environment, 

58. (Original) A distributed computing system, comprising: 
a client device; 

a service device; 
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wherein said client device is configured to: 

obtain a service advertisement for said service device, wherein said 
service advertisement includes an address for an authentication 
service; 

send a request message to said authentication service to obtain an 
authentication credential to use said service device; 

generate a message gate for accessing said service device, wherein said 
message gate is configured to embed said authentication credential 
in every message from said client device to said service device; 
and 

access said service device through said message gate; 

59. (Original) The system as recited in claim 58, 

wherein said service advertisement further comprises a data representation 
language schema defining a message interface for accessing said service 
device; and 

wherein said message gate is further configured to verify that every message sent 
from said client device to said service device complies with said data 
representation language schema, 

60. (Original) The system as recited in claim 59, wherein said data 
representation language schema is an extensible Markup Language (XML) schema and 
said messages from said client device to said service device are XML messages. 
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61 . (Original) The system as recited in claim 58, wherein said service device is 
configured to: 

use said authentication service to determine if said authentication credential 
received in a first message from said client device is authentic; 

determine which capabilities of said service device said client device is authorized 
to use; and 

respond to said first message from said client device only if said first message is 
for an authorized capability for said client device. 

62. (Currently amended) A eame ^tangible. computer acccs sihlc_mcdium 
comprising program instructions, wherein the program instructions are computer- 
executable to implement: 

a client accessing an authentication service to obtain an authentication credential 
to use a first service; 

determining client capabilities for said client, wherein said client capabilities arc 
capabilities of said first service that said client is permitted to use; 

binding said client capabilities to said authentication credential; 

said client sending a first message to said first service, wherein said first message 
includes said authentication credential; 

said first service using said authentication service to authenticate said 
authentication credential received in said first message; and 
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said first service responding to said first message if said authentication credential 
in said first message is determined to be authentic as from said client. 

63. (Currently amended) The 6ame ^tangihle> computer accessible m edium as 
recited in claim 62, wherein the program instructions arc further computer-executable to 
implement: 

said client obtaining an address for said authentication service from an 
advertisement for said first service; 

wherein, in said accessing an authentication service, the program instructions arc 
further computer-executable to implement: 

said client sending a message to said address for said authentication 
service requesting said authentication credential to use said 
advertised first service. 

64. (Currently amended) The eatrie ^tanpiblc. computer accessible medium as 
recited in claim 63, wherein said advertisement for said first service includes a data 
representation language schema defining a message interface for accessing said first 
service, wherein said first message corresponds to a message defined in said data 
representation language schema, 

65. (Currently amended) The earner-tan gible, computer accessible medium as 
recited in claim 64, wherein said data representation language schema is an extensible 
Markup Language (XML) schema. 

60. (Currently amended) The earner-tangible, com puter accessible medium as 
recited in claim 62> wherein the program instructions arc further computer- executable to 
implement: 
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said client sending a request message to said first service to access a capability of 
said first service, wherein said request message includes said 
authentication credential; 

said first service determining that the capability requested in said request message 
is within said client capabilities; and 

said first service fulfilling said request message only if the capability requested in 
said request message is within said client capabilities. 

67, (Currently amended) The carrier -tangible, computer accessibl e medium as 
recited in claim 62, wherein the program instructions are further computer-executable to 
implement: 

said client generating a message gate for accessing said first service; 

said message gate sending request messages from said client to said first service 
to access said first service, wherein said message gate includes said 
authentication credential in each message to said first service, 

68. (Currently amended) The earner -tangible, computer accessible medium as 
recited in claim 67, wherein the program instructions arc further computer-executable to 
implement: 

said message gate verifying that each message sent from said client to said first 
service complies with a data representation language schema, wherein said 
data representation language schema defines a message interface for 
accessing said first service 
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69. (Currently amended) A com e r tangible, computer accessible medium 
comprising program instructions, wherein the program instructions are computcr- 
oxecutablc to implement: 

a client obtaining a service advertisement for a first service, wherein said service 
advertisement includes an address for an authentication service; 

said client sending a request message to said authentication service to obtain an 
authentication credential to use said first service; 

said client generating a message gate for accessing said first service, wherein said 
message gate embeds said authentication credential in every message from 
said client to said first service; and 

said client accessing said first service through said message gate, 

70. (Currently amended) The eame ^langihle, com p uter accessible medium as 
recited in claim 69, wherein said service advertisement further comprises a data 
representation language schema defining a message interface for accessing said first 
service, and wherein the program instructions arc further computer-executable lo 
implement: 

said message gate verifying that every message sent from said client to said first 
service complies with said data representation language schema. 

71. (Currently amended) The earner -tangible, comnuter access ible medium as 
recited in claim 70, wherein said data representation language schema is an extensible 
Markup Language (XML) schema and said messages from said client to said first service 
ore XML messages. 
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72. (Currently amended) The carfief- tanpible. compute r accessible medium as 
recited in claim 69, wherein the program instructions are further computer-executable to 
implement: 

said first service using said authentication service to determine if said 
Authentication credential received in a first message from said client is 
authentic; 

said first service determining which capabilities of said first service said client is 
authorized to use; and 

said first service responding to said first message from said client only if said first 
message is for an authorized capability for said client. 
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